Attack Detection / Isolation via a Secure Multisensor Fusion Framework for Cyberphysical Systems

Motivated by rapid growth of cyberphysical systems (CPSs) and the necessity to provide secure state estimates against potential data injection attacks in their application domains, the paper proposes a secure and innovative attack detection and isolation fusion framework. The proposed multisensor fusion framework provides secure state estimates by using ideas from interactive multiple models (IMM) combined with a novel fuzzy-based attack detection/isolation mechanism.The IMM filter is used to adjust the system’s uncertainty adaptively via model probabilities by using a hybrid state model consisting of two behaviour modes, one corresponding to the ideal scenario and one associated with the attack behaviour mode. The state chi-square test is then incorporated through the proposed fuzzy-based fusion framework to detect and isolate potential data injection attacks. In other words, the validation probability of each sensor is calculated based on the value of the chi-square test. Finally, by incorporation of the validation probability of each sensor, the weights of its associated subsystem are computed. To be concrete, an integrated navigation system is simulated with three types of attacks ranging from a constant bias attack to a non-Gaussian stochastic attack to evaluate the proposed attack detection and isolation fusion framework.


Introduction
Cyberphysical Systems (CPSs) [1] are designed by integrating control, communication, and processing technologies with the main goal of monitoring/managing critical physical infrastructures.CPSs have attracted significant attentions recently both in academia and in industry due to their exceptional properties and as such emerged in different applications of paramount engineering importance such as medical systems [2], power/energy grids [3], aerospace [4], industrial/manufacturing process control [5], and transportation [6], where performing secure and optimal state estimation is the key concern.In recent years, sensor technologies and communication systems have gone through extensive advancements and improvements making it possible to deploy several sensors simultaneously in CPSs.Such developments have resulted in a significant increase in different CPS application domains.This increasing interest in deployment of CPSs and factoring in that safety and security is of paramount importance in such application domains, investigating security issues of CPSs from different angles has attracted great research interest recently [7][8][9][10].A potential cyber/physical attack in CPSs could have serious ramifications from leakage of consumer information, damaging economy, loss of critical infrastructures, and even threatening humans.Consequently, it is of significant practical importance to detect, identify, and prevent zero-day attacks in real-time with high accuracy which is the focus of this paper.
In this paper, our main focus is to design an attack detection/isolation solution for multisensor state estimation problems in CPSs.The  2 -test or as commonly called, residue-based test [11], is considered to be the conventional detection solution [12][13][14] typically used in CPSs.The  2test utilizes a normalized version of the power of the residuals based on the steady-state innovation covariance.In such a conventional detection criterion, the system is statistically evaluated based on a predefined and assumed 2 Complexity model; that is, it is common to base the calculation on some functional form of the innovation sequence (e.g., using trace or determinant operators, in the case of  2 -test, the former is used).Utilization of such functional form of the innovation sequence results in integration of diagonal and off-diagonal components of the innovation which in turn results in overlooking important statistical information.
The paper addresses this drawback.In particular, we propose a multisensor fusion framework which provides secure state estimates by assigning an interactive multiple model (IMM) filter to each sensor modality.The IMM filter adjusts the system's uncertainty adaptively via model probabilities by constructing a hybrid state model consisting of two modes: one corresponding to the ideal scenario representing clean measurements and one modeling the presence of potential attacks (referred to as the attack behaviour mode).The state  2 -test is then incorporated through a proposed fuzzy-based fusion framework to detect and isolate potential data injection attacks.The values obtained from the  2 -test assigned to each sensor are then used to compute the validation probability of each sensor.To overcome the difficulty in selecting an appropriate threshold, we construct the detection threshold based on the  2 -test's values with two boundaries and an up boundary.Finally, by incorporation of the validation probability of each sensor, the weights of its associated subsystem are computed.
The rest of the paper is organized as follows: first, Section 2 formulates the attack detection/isolation problem in CPSs and presents different attack models.Section 3 develops the proposed fusion framework and attack isolation mechanism.Section 4 presents simulation results based on an integrated navigation system consisting of three observation nodes, that is, Global Navigation System (GPS), the Bei-Dou2 (BD2), and Strap-down Inertial Navigation System (SINS).The paper is finally concluded in Section 5.

Problem Formulation
We consider the following general linear state model to represent the underlying physical system: where x  ∈ R   denotes the state vector at iteration ,   ∈ R   is the state noise component which is considered to be distributed according to a Gaussian distribution, independent of the state vector, with zero-mean and known covariance matrix, that is,   ∼ N(0, Q  ).The CPS of interest is monitored using a set of  observation nodes (sensors) communicating their data to the remote processing unit referred to as the fusion centre (FC) to perform the required estimation task.The measurement model of sensor , for (1 ≤  ≤ ), is given by where z ()  ∈ R   represents the observation vector collected by sensor , for (1 ≤  ≤ ) at iteration .The uncertainty in the observation vector is modeled by  ()   which is considered to be distributed according to a Gaussian distribution with zero-mean and known covariance matrix, that is,  ()    ∼ N(0, R ()   ).In this paper, we consider attack surfaces [15][16][17] where an adversary compromises the underlying system by injecting a bias b ()   (possibly time-varying and/or stochastic) into a subset of measurements at iteration .Based on the original measurement model (see (2)), the measurement model under the attack, therefore, is represented as follows: where Z ()  denotes possible attacked measurement collected by the th sensor.In particular, we consider the following three type of attack scenarios: (i) Constant attack where the injected bias (b ()   ) into a measurement is constant over time, that is, b ()   = b () (ii) Time-varying attack where the injected bias changes over time, for instance, trigonometric functions, (iii) Stochastic attack where the injection randomly changes over time with some statistical properties being selected by the adversary and unknown to the detection mechanism.
Our goal in this paper is to devise a novel monitoring solution to detect such attacks in real-time with minimum latency and isolate the compromised sensors.Without loss of generality and for simplicity of the presentation, we consider the following assumption.
Assumption 1.In a sensor network with  observation nodes which is under data injection attacks, number of attacked sensors at iteration , denoted by M, is not equal to the overall number of available sensor nodes (M < ).
This assumption is considered to guarantee that at each iteration at least one unattacked sensor is available for performing the state estimation task.Please note that this assumption is not restrictive as, in absence of an unattacked sensor node, the overall fusion framework continues to provide predictive state estimates while the problem is being investigated and attacked sensors are restored.
In the next section, we present our proposed attack detection/isolation framework which at each iteration isolates the attacked signal and performs the estimation task only based on the remaining clean measurements.

Fusion Framework with Attack Isolation
In order to design a monitoring framework capable of detecting all the three aforementioned injection attacks, first we model the two possible scenarios, that is, the attack and the ideal behaviour modes, by designing two different error covariance matrices for the state forcing terms.This design z (1)   k z (2)   k x (2)  k|k , P (2)   k|k  x (1)  k|k , P (1)   k|k methodology introduces structural uncertainty into the state model for which an IMM filter is associated with each active sensor.The IMM filers are used cooperatively to provide the estimate of the underlying states.Considered as the first protection layer, this setup will increase the accuracy of the fusion model under potential attacks.On the other hand, in order to isolate attacked measurements which are incorporated to update associated probability corresponding to each model within the pool of IMM filters, the information provided by the  2 -test is utilized.In other words, we use the measurement which has minimum  2 -test value for updating the associated probability of each filter in the IMM filterbank.Consequently, this proposed approach results in updating the model probabilities based on the sensor measurement which is less likely to be under attack and therefore further increases the accuracy of the fusion task.
Figure 1 illustrates the architecture of the proposed attack detection/isolation framework.In summary and at each update iteration, the proposed attack detection/isolation works as follows: (i) Each node (subsystem) transfers its local measurements to its associated IMM filter which in turn computes an updated estimate of the state vector x() | and its associated error covariance matrix P ()  | which are updated with that subsystem's measurements.
(ii) This information (x ()  | and P () | ), for (1 ≤  ≤ ), is then transferred to the  2 -square test block, associated with subsystem  to perform attack detection tasks.
(iii) The detection block computes a failure detection value  ()  and transfers it to the central node to be fused with the information from other subsystems and to perform the final attack detection/isolation.
(iv) For the purpose of selecting the best available observation to be utilized for evaluation of the IMM filters' model probabilities, the available fault detection information is used and the subsystem which has the minimum fault value is considered as the selected subsystem for updating the IMM filters' model probabilities.At the same time and to update (calibrate) the reference data (i.e., P ()  and x()  ), we incorporate the global fused information.
In brief, the proposed attack detection/isolation framework has total of  (number of sensor subsystems) IMM filters as illustrated in Figure 1.Filter  sequentially computes predicted values for the state vector (referred to as IMM-Predict step) and updated state estimates (referred to as IMM-Update step) in parallel to the other filters and only based on the observation it receives from the subsystem associated with that IMM filter .Next, we first present details of the prediction step for one subsystem.

(i) Mixing
Step.In this step, interaction probability  |  for (,  ∈ {, }) where  () is the model corresponding to the ideal scenario, while  () corresponds to the system under attack, is calculated as follows: where   denotes transition probability of moving from state  to  which is defined based on the following transition matrix: Term  1 −1 represents the probability that model  () has dominated the previous time instant (the system was in the ideal mode at iteration ( − 1) and not under attack), while  2 −1 represents the probability that model  () was in effect at the previous iteration which represents the case where the system was under attack at time ( − 1).The mixed inputs for each filter are computed as follows (ii) Local Prediction Step.In this scenario, each of the two mode-matched KFs (one matched to the ideal mode and one matched to the attacked behaviour mode) performs its corresponding prediction step based on the following equations: which in part results in computation of the mode-matched predicted estimate of the states and its associated error covariance.

(iii) Combined Prediction
Step.In this final step of the IMM-Predict module, we combine the means and covariance matrices of the attack and ideal modes to form the combined values for the predicted estimate of the states as follows: This completes the prediction step of the proposed attack detection/isolation framework.Next, we present details of the update step of the proposed framework.
(iv) Mode-Matched KF Update.Local state vector associated with the KF matched to one of the two ideal or attack modes is updated as follows: [P where term Λ   is the likelihood function.Note that IMM-KF  uses its specific observation (z ()  ) instead of z  in (11).
(v) Attack and Idle Model Probabilities.In this step, we need to update the probability that each of the two modes is in effect at a given iteration ().The required probabilities are calculated as follows: where term   in ( 16) is included as a normalization factor to ensure that it represents a true probability distribution.

(vi) Fusion
Step.In this step, the local state estimates and covariance matrices associated with the ideal and attack modes are combined to form the fused components as follows: Once this step is completed, the update stage of the proposed framework is complete.Next, we present the attack detection and compromised measurement isolation methodologies of the proposed fusion framework.

Attack Isolation
Framework.We use the state  2 -test within the proposed framework to detect an attack.And the test value is defined as follows: where ‖ ⋅ ‖ denotes inner product in the Euclidean space.Attacks on a measurements obtained from one sensor node is evaluated via the following detection mechanism: where the required threshold (  ) is computed based on the available tables for  2 -test [18].In order to define whether sensor , for (1 ≤  ≤ ), is attacked or not, a validation probability is defined corresponding to each sensor.The aforementioned validation probability is designed to be a function of the associated  2test value and is given by The above validation probability rule states that when  ()  ≤  1 , the sensor is in ideal mode with high probability.On the other hand, in cases where  ()   >  2 , the sensor is under attack with high probability.In the third possible scenario ( 1 <  ()  ≤  2 ), the sensor belongs to an intermediate state which is between the state of attack and being ideal (the sensor is softly attacked; i.e., it could be a candidate for an attacked sensor).Theoretically speaking, the quadratic term  ()   ∈ R + appearing in (18) has three degrees of freedom as it is distributed according to the  2 distribution [18].The limit values ( 1 and  2 ) defined in (20) are obtained based on this fact and using standard  2 tables.values are defined to provide the required confidence level.However, utilization of a predefined threshold in practical scenarios is not feasible; therefore, an alternative solution is required.In this paper, our contribution is utilization of fuzzy logic to solve this practical issue and identified the required threshold values ( 1 and  2 ).Based on 90% confidence level obtained from  2 -test standard tables, we compute the first threshold as  1 = 6.25 and, similarly based on 99% confidence level obtained from  2 -test standard tables, we obtain  2 = 11.35.Finally based on  2 -test standard tables, the value of the only constant  defined in (20) is computed and set to  = 5.1.
Without loss of generality and for simplicity of the presentation, in the following discussion, we consider a twosensor scenario where at each iteration at least one of the sensors is not under attack.The sensor's validation probability is given by  (1)   =  ( (1)   ) Term  (1)   denotes the probability that Sensor 1 is in an ideal behaviour mode (not attacked).Similarly,  (2)   denotes the validation probability that Sensor 2 is in an ideal mode.On the other hand,  (1∩2)  relates to the case where both sensors are in ideal mode at time .We compute an adaptive weight for each sensor based on the above-mentioned probabilities as follows: where  (1)   refers to the scenario where only Sensor 1 is not attacked (Sensor 2 is potentially under attack).Similarly,  (2)    denotes the scenario where only Sensor 2 is not attacked (Sensor 1 is potentially under attack).On the other hand,  (1∩2)  corresponds to the case where not one but both of the sensors are in ideal mode simultaneously.Finally, term  (0)  corresponds to the scenario where both sensors are under potential attacks.
The computed validation probabilities are then used to adaptively compute the estimated values of the state variables and their associated error covariance matrix.In this adaptive framework, the weights are assigned based on the validation probabilities.The fusion algorithm also incorporates the estimates for the ideal mode without presence of any attacks at iteration  and computes the updated statistics as follows: (1)   − H (1) x|−1 ) − H (2) x|−1 ) + [H (2) ] where the Kalman gains are given by Once the above set of statistics are computed, the updated values for the overall system are computed as follows: The final component in the proposed framework is to compute the reference statistics, that is, x()  and  ()  .Based on [18], state propagator is used to provide the required reference.More specifically, fused state estimate and its covariance matrix are propagated one time forward to form predicted estimates which are to be used as the reference signal.As a reference for the detection algorithm, we use x()  and  ()   which are transferred to local  2 -test blocks.To summarize, the proposed secure state estimation framework can be outlined as follows: (S.1) In the first step, the "IMM-Predict" is implemented.(S.2) In the second step, the "IMM-Update" will be implemented.
(S.3) Calculate the failure detection value  ()  using (18).(S.4)In the fourth step, the probability that each sensor belongs to the attack mode is computed based on ( 20)-( 21).(S.5)In the fifth step, the adaptive weights associated with each sensor are computed via (22).(S.6)In the sixth step, the second-order statistics based on each sensor is updated using ( 23)-( 27).(S.7)In the final step, the combined second-order statistics are computed via (28)-( 29).
This completes development of the proposed framework.
Next we present our simulation results to validate the effectiveness of the proposed multisensor attack detection/isolation fusion framework.

Experimental Results
This section presents our experimental simulations performed to evaluate the performance of the proposed framework against the aforementioned three type of data injection attacks, that is, constant attacks; time-varying attacks; stochastic attacks (possibly non-Gaussian) [19].In this simulation experiment, we utilize sensory information from an integrated navigation system with including Global Navigation System (GPS), Strap-down Inertial Navigation System (SINS), and the Bei-Dou2 (BD2).In this integrated navigation system, the -error model [20] is considered to present the evolution of the SINS state over time (state model).
First-order Gauss-Markov process is utilized to model the accelerometer and gyroscope biases where time constants of  are considered.The aforementioned model results in having state vector consisting of fifteen states (inertial states in position, velocity, attitude, accelerometer bias, and gyro bias).The monitoring sensors are the GPS and BD2.We use the position information received from the GPS and BD2 to rectify the SINS error.
In this experiment and in order to generate the trajectory of the aircraft and its associated inertial measurements, we use the "Inertial Navigation System toolbox" [21].On the other hand and to generate GPS and BD2 positions, we use the "Satellite Navigation toolbox" [22].Bias and power spectra of the SINS sensor are defined based on the following values: accelerometer bias: 50 g; accelerometer white noise: 5 g/ √ Hz; Gyro bias: 0.  in Figure 3. Figure 3 illustrates that the proposed attack detection/isolation framework can detect constant and timevarying attacks abruptly and detect the stochastic non-Gaussian attack introduced at last reasonably well.The reason behind this behaviour, that is, the proposed framework is secure even against non-Gaussian attacks, is in its ability to adopt model probabilities to error measurement.Figure 4 illustrates the model probabilities associated with the attack and ideal behaviour modes.It is observed that the mode probabilities adopt to the attack scenario in an efficient fashion.Finally, Figure 5 illustrates the position error which shows that the proposed fusion framework keeps the error bounded and does not allow the estimation algorithm to diverge even under highly non-Gaussian attacks.This is a critical important property of the proposed framework from practical point of view.

Summary
In this paper, we proposed an improved and innovative secure state estimation framework which combines the IMM filter with a fuzzy-based attack isolation mechanism.In the proposed framework, we consider two separate behaviour

Figure 3 :
Figure 3: Attack detection curve together based on the proposed fuzzy attack detection/isolation fusion framework.